30 open-source projects similar to secdec/attack-surface-detector-burp, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Attack Surface Detector Burp alternative.
A Burp Suite Pro extension which augments your proxy traffic by injecting non-invasive headers designed to reveal backend systems by causing pingbacks to Burp Collaborator
This Burp Suite extension automatically detects and exploits HTTP Request Smuggling vulnerabilities using advanced desynchronization techniques developed by PortSwigger researcher James Kettle. It supports comprehensive scanning for HTTP/1.1 and HTTP/2-downgrade desync vulnerabilities,…
一款基于BurpSuite的被动式shiro检测插件
Dr. Watson is a simple Burp Suite extension that helps find assets, keys, subdomains, IP addresses, and other useful information! It's your very own discovery side kick, the Dr. Watson to your Sherlock!
A Burp Suite extension for identifying missing Subresource Integrity attributes.
A Burpsuite plugin (BApp) to aid in the detection of scripts being loaded from over 23000 malicious cryptocurrency mining domains (cryptojacking).
Burp Suite plugin identifies insertion points for GWT (Google Web Toolkit) requests
Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
Blackbox Protobuf now has an official package on PyPi under the name bbpb. The blackboxprotobuf package is an older fork
HUNT Suite is a collection of Burp Suite Pro/Free and OWASP ZAP extensions. Identifies common parameters vulnerable to certain vulnerability classes (Burp Suite Pro and OWASP ZAP). Organize testing methodologies (Burp Suite Pro and Free).
Find Target="_blank" values within web pages that are set without 'noopener' and 'noreferrer' attributes
Burp Extension to find potential endpoints, parameters, and generate a custom target wordlist
GUI Burp Plugin to ease discovering of security holes in web applications
A burp extension that add some useful function to Context Menu 添加一些右键菜单让burp用起来更顺畅
Adds a customizable "Send to..."-context-menu to your BurpSuite.
Burp Suite Pro extension
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
Burp and ZAP plugin to analyse Content-Security-Policy headers or generate template CSP configuration from crawling a Website
J2EEScan is a plugin for Burp Suite Proxy. The goal of this plugin is to improve the test coverage during web application penetration tests on J2EE applications.
A Burp Plugin for Detecting Weaknesses in Content Security Policies
RouterSploit is an embedded device exploitation framework and vulnerability scanner designed to identify and exploit security flaws in networked embedded hardware and firmware. It provides a centralized toolkit for scanning for known weaknesses and common misconfigurations to gain unauthorized system access. The framework includes an architecture-specific payload generator to create custom binary payloads tailored to the target hardware. It also features an automated brute force tool that uses dictionary-based credential guessing to bypass authentication on hardware devices. The tool covers
jexboss is a Java deserialization exploit framework and network vulnerability scanner designed to identify and exploit deserialization flaws to achieve remote code execution on target servers. It functions as a suite of tools for delivering payloads and executing system commands on vulnerable remote applications. The project includes a reverse shell orchestrator to establish and maintain persistent remote command connections from exploited targets back to a listener. It also provides post-exploitation automation for managing remote access and updating software on compromised systems. The fra
A BurpSuite extension for beautifying .NET message parameters and hiding some of the extra clutter that comes with .NET web apps (i.e. VIEWSTATE).
Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
This Burp Suite extension turns Burp into a Google Authenticator client. The current Google Two-Factor Authentication (2FA) code is automatically computed from a given shared secret and applied to bespoke location(s) in relevant requests in real-time.
A root exploit for CVE-2022-0847 (Dirty Pipe)